“In many cases, organizations and their company officers found to be non-compliant may be subject to fines or legal action, in addition to facing exposure to risks associated with internal data breaches. “